Home Depot investigating potentially huge credit card hack

Home Depot is investigating a potentially huge credit and debit card breach, with early signs that the scale of the stolen cards could well exceed the sizable Target hack of late 2013. Evidence of a new cache of fraudulently cloned cards began showing up today at black-market stores, with whispers from banks going on to be confirmed by Home Depot that something seemed awry.

“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Home Depot spokesperson Paula Drake told Krebs on Security.

The retailer has not confirmed that there has been a breach, but many of the signs are pointing to that indeed being the case. Brian Krebs was notified by a number of sources at banks of evidence of card theft, potentially by the same Russian and Ukranian hackers responsible for the Target breach last year.

The group was also responsible for similar hacks at Sally Beauty and P.F. Chang’s.

A flood of American cards was spotted on an underground store today, dubbed “American Sanctions” in what’s suggested is a retaliation against Russia for recent troubles in Ukraine.

No matter the motivation, however, the impact on American consumers could be considerable. Exact numbers – either of stores involved or how many customers might have been affected – are unknown at this stage, but according to some banks there are indications that the breach began as early as late-April 2014.

Home Depot has over 2,200 stores in total, including those outside of the US, leading Krebs to warn that – if a majority were affected and the hack was indeed as long-running as some banks suspect – it could well overshadow the 40m Target customers whose details were stolen.